<?php
session_start();
error_reporting(E_ALL);

function user_str_to_lower($string)
{
    $array_to_lower = array("А" => "а","Б" => "б","В" => "в","Г" => "г",
                            "Д" => "д","Е" => "е","Ж" => "ж","З" => "з",
                            "И" => "и","Й" => "й","К" => "к","Л" => "л",
                            "М" => "м","Н" => "н","О" => "о","П" => "п",
                            "Р" => "р","С" => "с","Т" => "т","У" => "у",
                            "Ф" => "ф","Х" => "х","Ц" => "ц","Ч" => "ч",
                            "Ш" => "ш","Щ" => "щ","Ъ" => "ъ","Ю" => "ю",
                            "Я" => "я");
    return strtr($string, $array_to_lower);
}

require_once 'dbvars.php';

// Connect to server and select databse.
$con = new mysqli("$host", "$username", "$password", "$db_name");
if ($con->connect_error)
{
    die('Connect Error (' . $con->connect_errno . ') ' . $con->connect_error);
}

// username and password sent from form 
$name = user_str_to_lower($_POST['search']); 

// To protect MySQL injection (more detail about MySQL injection)
$name = $con->real_escape_string($name);
$sql = "Select id, name, coords, description from $gobject_tbl_name where lower(name) like '%$name%'";

$result = $con->query($sql);
 
if($result->num_rows > 0){
    $row = $result->fetch_row();
    $gobjId = $row[0];
	$_SESSION['name'] = $row[1];
    $_SESSION['coords'] = $row[2];
    $_SESSION['descr'] = $row[3];
    header("location:selected.php?gobjId=$gobjId");
}
else {
    header("location:index.php?" . $name);
}

?>

